Search code examples
windowsbatch-filenetstat

How to check if a string stored in a variable is the same as an ip address from netstat -nao in batch


This is my first time asking a question so try not to be to hard on me.

I am competing in a small capture the flag event and am writing some simple batch scripts to help out a bit.

The purpose of program is to check if output from netstat -nao is in the dontkill variable. If it is, then don't kill it; if it is not, then look for the process id and kill the connection. dontkill will contain my IP address so that it doesn't kill my remote connection to the computer.

Seems pretty simple, but I have had major trouble because I don't know how to write in batch very well.

Here is my code so far:

for /L %%i in (1,0,) do @for /f "tokens=5" %%j in ('netstat -nao ^| findstr ^"ESTABLISHED^"' ) do @taskkill /f /PID %%j

This goes through and looks for any ESTABLISHED connections and kills them in an infinite loop. I have tried many different variations of this command, and I recognize that I need some sort of a if/else statement in the second do to check if dontkill is the same as what is stored in the variable %%a in the loop:

for /f "tokens=3" %%a in('"netstat -nao^|findstr ^"ESTABLISHED^"')

I know this would probably be easier in some other scripting language but it has to be batch because the computers I will be using it on will be fresh install Windows XP, Server 2003, 2008 and Win7.

Ok with the for loop directly above the variable a is carrying output like this "192.168.1.230:1003" so it has the ip address and also the port separated by a colon.

I need to be able to compare it to the variable dontkill which only has the Ip address.

Is there any way to get rid of the :1003 so that I can compare it to the variable dontkill.

I have been messing around with things such as

SET line="192.168.1.241:10256"
SET string3=%line::[0-9]*=%

but it doesn't work.

So to be clear I'm trying to go from "192.168.1.241:10256" to "192.168.1.241" so that I can compare the final result to dontkill and decide what to do.

Thanks for the help in advance.

Sudo code /////////////////////////////////////////////////////////////////// DONTKILL = "192.168.1.241"

FOR(NUMBER OF PROCESSES FILTERED BY FINDSTR. LOOK AT COLUMN 3 AND 5)

VAR A IS THE COLUMN 3 INFO which is some ip address with port "192.168.1.241:1003"

VAR B IS THE COLUMN 5 INFO which is PID "1524"

IF(DONTKILL == A)

    DONTKILL THAT PROCESS
ELSE
    KILL THAT PROCESS USING 
    TASKKILL /F /PID B

I got the inspiration for this method from http://blog.commandlinekungfu.com/2010/01/episode-76-say-hello-to-my-little.html


Solution

  • Like this :

    @echo off&cls
    setlocal EnableDelayedExpansion
    
    set "DONTKILL=127.0.0.1"
    
    for /f "tokens=1-5 delims= " %%a in ('netstat -nao ^| find /i "ESTABLISHED"' ) do (
    echo [%%a] [%%b] [%%c] [%%d] [%%e]
    call:GetIP %%c
    
    if !$IP!==%DONTKILL% (
    echo IP !$IP! IS EQUAL TO DONTKILL [%DONTKILL%] 
    echo.
    ) else (
    echo IP !$IP! IS NOT EQUAL TO DONTKILL [%DONTKILL%]
    echo.
    )
    )
    exit/b
    
    :GetIP
    for /f "tokens=1 delims=:" %%a in ('echo %1') do (
    set "$IP=%%a"
    goto:eof)